Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Are shell instructions bad?  (Read 3888 times)

0 Members and 1 Guest are viewing this topic.

trippinsweet

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 27
Are shell instructions bad?
« on: June 22, 2006, 06:17:19 am »

Just a query... I'm new to the idea of developing tools for everyones use rather than just my own personal use.

So would it be considered bad form to have a coppermine function execute a shell script?

Currently, I implemented zip downloads of albums by calling the zip function through exec() in php. Is this a bad idea?
I'm wondering what kind of problems I might encounter using it.

Oh and I have code of the zipdownloads function which I'll be happy to release... if its safe to.
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: Are shell instructions bad?
« Reply #1 on: June 22, 2006, 07:22:16 am »

hmm.. I don't think it's bad in itself, but not a lot of people will be able to use it since not everybody has shell access. So if your goal is for everyone to use your tools, you'll have to find a way that doesn't require exec. :)
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline Offline
  • Gender: Male
  • Posts: 2165
  • Spread the PHP Web
    • Ranium Systems
Re: Are shell instructions bad?
« Reply #2 on: June 22, 2006, 07:32:07 am »

The shell will be safe if the web server setup has been done correctly (i.e. user permissions and other such things). Also the command which is executed should be validated and well sanitized. If these guidelines are followed then it is safe to execute shell commands.
Logged
Chief Geek at Ranium Systems

trippinsweet

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 27
Re: Are shell instructions bad?
« Reply #3 on: June 22, 2006, 01:00:18 pm »

Great. Then I'll release my mod soon.

Granted not everyone (especially people on shared hosting) will be able to use it, but if you're on your own dedicated box you should have no problem installing the linux zip binaries.

I personally think that a function that allows you to download whole albums is very useful.
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 22 queries.